Rapid7 Blog

Update on the status of 3.0

POST STATS:

SHARE

It's been a while since our last update, so here's how things have been proceeding. We're nearing the point of being able to cut a stable release of 3.0. The main things that we'd like to complete before we'll feel happy calling things done include the following:

1. Finish up msfweb support, or at least get pretty close. We've made some good progress in getting a fancy little AJAX console integrated that allows you to run the equivalent of msfconsole from a web-browser. If you're interested, grab the latest from SVN and check it out (http://127.0.0.1:55555/console). It's not perfect yet, but it's pretty cool!

2. Clean up documentation and get the user guide ready to go. This should help anyone not familiar with 3.0 (or even Metasploit in general) to be able to pick it up and start using it. If you're familiar with 2.x and haven't used 3.0 yet, they're very similar, and the learning curve should be minimal.

3. Finish porting the few remaining exploit modules. Fortunately there aren't many left

4. Gloss over the core APIs and make sure they're all ready for prime time. We may make some API level changes that will break backward compat, but since this is beta, we'd like to do it now so that we have a nice and clean stable release for everyone to build on. We expect to keep these sort of breaking changes to a minimum if we even make any at all.

We don't want to throw out a date just yet seeing as any time we do we just end up becoming more busy than before Hopefully this will all be done Real Soon Now (tm)

In addition to the stable release, I'll also be giving a training course relating to the 3.0 version of the Metasploit framework at BlackHat Europe. This course is designed to teach attendees about the internals of Metasploit 3.0 with an emphasis on making it possible for students to easily use and extend the framework. If you're interested in getting more details, you can find them here.

Finally, unrelated to the framework, Uninformed released its sixth volume recently. This volume includes an article that outlines the 802.11 wireless exploits that were integrated into Metasploit 3.0 a few months ago. Additionally, Skywing has written a brilliant article outlining techniques that can be used to bypass (and subvert) the latest version of PatchGuard which is included in XP/SRV03/Vista x64.